• Security is the heart of all technology

  • Backlit_keyboard-1-720x380

    If someone was to analyse the true method's of access of all the latest and largest system's that we're continually being told have been "hacked", there's a very obvious and common thread that hackers, at least, have found.

    That's privileged access - the kind given to those who work behind the scene's with your systems. The kind given all to easily to new hires, intern's, trusted employee's and in many cases freelance consultant's and per hour" temp's. Access that in many way's Yes, is necessary to perform but that also create's a method for those less trustworthy to make some ready cash by selling that access. Jeep, Vtech, Ashley Madison all were compromised not by someone breaking into their systems but by someone having access to their infrastructure by a shared use access.

    The fact of the matter is that many companies IT infrastructure has been developed organically, that is it's grown over time, and was never really constructed as a single entity. Over time the use of shared passwords and login's, temp accounts, trusted companies account use and partners access to your systems has probably grown above what you may have intended it to be - yet it's not the accounts themselves (many, like for a managed services Help Desk, are essential for today's workplaces) that are the problem, but the management of them.

    Taking Sony Pictures as an example, their systems were broken in to using an old shared account, that then allowed that user to download current username/password files stored on the system giving them access to those accounts and so the story unfolded as we know it today. It's to those legacy systems that have been built and grown over time that company security must look towards, due to the simple fact that only the company itself grants access, and so needs to address that issue directly themselves.

    Doing little things like stopping sharing passwords will help, as will putting in place a method to track and know all users and passwords you have issued - which will all help to secure your company's infrastructure.